Ever since Edward Snowden began leaking National Security Agency (NSA) secrets earlier this year, President Obama has insisted that they weren't "whistle blowing" in any useful sense because they didn't reveal any abuses. Instead, they simply revealed secret programs that were:

In compliance with US law, which didn't need any significant changes; and

Generally speaking, a good idea.

For instance, here was Obama at an August 9 press conference at the White House, answering a couple of questions from journalists about the NSA's programs.

And if you look at the reports, even the disclosures that Mr. Snowden's put forward, all the stories that have been written, what you're not reading about is the government actually abusing these programs and, you know, listening in on people's phone calls or inappropriately reading people's e-mails. What you're hearing about is the prospect that these could be abused. Now part of the reason they're not abused is because they're—these checks are in place, and those abuses would be against the law and would be against the orders of the FISC.

As for any needed changes, they were minor. Obama's team already made some small modifications of its own—"some bolts needed to be tightened up on some of the programs," was how he put it. His changes involved things like more "compliance officers." But the programs and the laws they rested on were fine. Still, in the spirit of having a "discussion," Obama agreed that "people may want to jigger slightly short of the balance between the information that we can get versus the incremental encroachments on privacy" that might be possible "in a future administration or as technology's developed further." (Remember, everything now is fine!)

But the Snowden leaks kept coming and, as they did, more people started talking. First up—the revelation that the NSA had all sorts of compliance problems and that it wasn't in any hurry to tell its masters any more than they needed to know about them. Then came the chief judge of the FISC who admitted that his court had no real methods for keeping tabs on the NSA's activities apart from the NSA's own disclosures. Then, later in August, the government released a FISC opinion from 2011 in which a judge railed against the "third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program" at the NSA. Far from needing its "bolts tightened," this program's privacy requirements had been “so frequently and systematically violated that it can fairly be said that this critical element of the overall… regime has never functioned effectively.” Finally, the Wall Street Journal reported that NSA analysts spying on lovers and ex-lovers happened enough to have its own term: LOVEINT.

Fast forward to this week. Obama stopped off in Sweden for a major meeting and, during a press conference, tried to sell the NSA to skeptical Europeans. His first question was about NSA spying. Given the revelations of the last four weeks, would he make the exact same arguments? Almost—though he more directly admitted to the "actual abuses" that he dismissed as essentially hypothetical a month before. "There have been times where the procedures—because these are human endeavors—have not worked the way they should and we had to tighten them up."

He also sounded more open to changing various laws around surveillance, saying, "I think there are legitimate questions that have been raised about the fact that as technology advances and capabilities grow, it may be that the laws that are currently in place are not sufficient to guard against the dangers of us being able to track so much."

Still, the basic message was the same: 'Trust me—if you knew what I knew, you would support these programs, too.'

Can you really keep it under control?

The frustrating thing for critics of the massive US spy apparatus is that Obama keeps saying the right things—things like "so much of our information flow today is through the Internet, through wireless, that the risks of abuse are greater than they have been in the past." How to square that statement with the fact that Obama apparently supports the NSA's wholesale effort, revealed today, to ransack worldwide cryptography by weakening crypto standards, compromising routers, and breaking protocols that affect the lives and work of hundreds of millions of people around the world?

The answer may be that, while Obama really does seem to understand the problem he is helping to create, he is also aware of how many other nation states are working on the same tactics. "Some of the folks who have been most greatly offended publicly we know privately engage in the same activities directed at us or use information that we’ve obtained to protect their people," he said at the same press conference.

More broadly, Obama really does seem to believe that the NSA can keep its secrets to itself, that its incredible effort to destroy privacy and anonymity online can be restricted to the hunt for "terrorists." It's a pipe dream. The effects will spill over in all kinds of ways, with the most obvious being a lack of trust. As security guru Bruce Schneier put it today, "By subverting the Internet at every level to make it a vast, multi-layered, and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical Internet stewards."

That's probably true—and yet, there's little in the short run that most people will (or even) can do about it. More practically, it will probably lead to increased spying, as other nation-states and hackers exploit the ways that the NSA has degraded Internet encryption. Backdoors create security breaches exploitable by unintended users—remember the Athens Affair? A built-in backdoor meant for law enforcement was accessed by others to spy on some of Greece's top leaders.

The point has long been made by engineers. In 2001, for instance, the Internet Engineering Task Force (IETF) took up the question of designing wiretaps into products and concluded that it was a bad idea. "Experience has shown that complexity almost inevitably jeopardizes the security of communications even when it is not being tapped by any legal means; there are also obvious risks raised by having to protect the access to the wiretap," it wrote. "This is in conflict with the goal of freedom from security loopholes."

As the ACLU's Chris Soghoian put it today in a statement, "The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets. Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the Internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA's efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States' reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies."

Or, as the Center for Democracy & Technology—no radical group—added in a statement today, “The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners. The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

That neither Obama nor the NSA respect the force of this argument has been one of the more troubling aspects of today's revelations. And it certainly doesn't encourage "trust."

Promoted Comments

The Athens affair should be compulsory reading for all US Senators. It was an exploit used against the people who put it there. It made the authors of Stuxnet look like amateurs. For a start, we still have no idea who done it.

"The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

Encryption does not give you immunity against warrants and searches . There is no legal nor logical basis to claim that law enforcement can not crack encryption, read you emails, open you mail, enter to your house to search for evidence against you , etc.

Those things are a world apart from building vulnerabilities into those devices.

You are talking about the police going into your house. What is happening here is more akin to the police requiring all lock makers to provide master keys, so they won't have to batter the door down. Or ensuring that the all-steel lock construction is actually tin with a shiny zinc coating. These are things that make you vulnerable to anyone, not just to police with a warrant.

In any case, it's fine with me if law enforcement crack encryption, read emails, open mail, and search houses. All I expect is that they get a warrant, and then don't lie about it when they get to court.

91 Reader Comments

Considering how long this capability has been in place or in development, it must really make you wonder how much the NSA/FBI/SEC knew about the meltdown in 2007-8. Considering the obvious treasure trove of cracked emails and bank/stock/hedgefund/derivative transactions, where are all the convictions? We should know where all the secret bank accounts are, shouldn't we? An illegal search? The DEA knows how to get around that, just ask.

I have always believed that if any security relies on a public/private key or certificate encryption and is being used by major internet players like Microsoft Google etc .. It is best and most likely correct to assume it is compromised by the secret agencies.

If what is required to decrypt is a private key and password... You should assume that the secret agencies have either got someone in the organization that has voluntarily given them the private key and password, compelled its production by threat of imprisonment for non compliance or simply hacked and stolen it.

In most cases it was probably given freely. Remember humans evolved as group animals aka tribes. This means most will act to protect the tribe from real, perceived or hypothetical threats. For example, tell appropriate executives at Microsoft that we need the key to protect us from the evil people out to harm us and who are not part of our tribe and we will only use it for the good of our tribe... most of these executives will hand it over as this is the only patriotic (good tribal) thing to be done.

You can often get clues to this stuff ... Check out the companies that quickly blocked WikiLeaks access to funding such as Paypal... PayPal freezes $45,000 of Mailpile’s crowdfunded dollars (later released after it went public)... They wanted their business information .., think it is an accident that the company trying to develop secret e-mail is one of those that gets 'accidentally blocked and then they demand the business info... Maybe but assume it is intentional and you are likely correct. How not all kickstarters got blocked which means there is some 'intelligence' to the blocking algorithm.

Another important thing to remember is that you can bet your bottom dollar that technical blogs like this are monitored and an attempt is made to influence the direction of discussion. Some comments in the blogs simply reek of that :-). Years, back I used to read a hacking blog... One of the hackers was caught and they used him to get info on the other hackers... A previously unknown poster, posted that the dude was compromised and working for the FBI, be careful... The blog led by a few regulars vilified the dude... Dude never responded but a few months later when the other hackers were caught ... The doubters were like, damn dude was correct.

And stop thinking the Constitution is some religious document that gives god like protection... Consider it just as a framework that the founders set for us to govern ourselves. At one time slavery was constitutional. It only needs 5 of 9 people on the Supreme Court to agree on what is constitutional and they are not often known for courage. They will generally with few historical exceptions rule constitutional anything currently broadly accepted by society. These agencies have batteries of lawyers whose function is to write clever words that subvert the intent of legislation, thereby making it legal and giving cover for any action the agencies deem useful or necessary..

I don't think it's too far fetched to see the return of hard copy documents and the rise of the profession of "armed courier" in the future, simply because for anything that needs to be truly private it will be the most secure, and securely destroyed, method.

so strange how that has come full circle.. and also that the future is way more like Shadowrun than I ever thought it would be as a kid, haha

Maybe we can all get jobs then? NSA building a Shadowrun future for the sake of the economy.

I don't think it's too far fetched to see the return of hard copy documents and the rise of the profession of "armed courier" in the future, simply because for anything that needs to be truly private it will be the most secure, and securely destroyed, method.

so strange how that has come full circle.. and also that the future is way more like Shadowrun than I ever thought it would be as a kid, haha

Maybe we can all get jobs then? NSA building a Shadowrun future for the sake of the economy.

"The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

Encryption does not give you immunity against warrants and searches . There is no legal nor logical basis to claim that law enforcement can not crack encryption, read you emails, open you mail, enter to your house to search for evidence against you , etc.

The NSA is not 'law enforcement'.

This is the fundamental issue. All countries have police forces. All countries have spies. The problem is when you blur the lines between the two.

Police officers have certain powers. They can monitor citizens, but they need a warrant. They can arrest citizens and put them in jail, but they have to follow the law.

Spies have other powers. Their mission is to break the laws of other countries. Stealing secrets, watching people, and finding out who is doing what is the fundamental mission of an intelligence agency. In the modern world, this extends to covert operations such as sabotage, disinformation, psychological warfare, and even assassination.

There's a reason why the words "police" and "secret" are relatively benign, but the phrase "secret police" is alarming. When you combine the powers of the police to arrest and imprison with the powers of a spy agency to operate in secret, to monitor anyone without a warrant, and to conduct operations without any transparency, you've created a secret police force.

We're not there yet.

The NSA is not the Stasi or the KGB. But the willingness of the NSA to monitor US citizens and secretly share information with law enforcement agencies (FBI, DEA, IRS, etc.) should be alarming to anyone who doesn't like being on a slippery slope towards the secret police.

That doesn't mean that NSA employees are bad people. Many of them join out of patriotism and a desire to serve and protect the country. I would expect that a lot of them reacted like the lead in Homeland when 9/11 happened, thinking "We failed. We should have been able to stop this. We need to do better so this doesn't happen again."

After 9/11, a lot of people criticized the lack of communication between the NSA, CIA, and FBI, saying that they should have been able to connect the dots. As a result, Congress removed most of the barriers preventing intelligence from working with law enforcement. It was understandable, but it put us on the slippery slope, and we've been sliding ever since.

It's time for a "Great Firewall of America". One that keeps the Americans out of everyone else's internet.

China and Russia must love this too. They don't have to sell compromised gear to anyone. They can just use the back doors the NSA crapped out all over the planet. They probably stole the keys years ago anyway.

Nate, thanks for this article. Please keep discussing the hypocrisy and apparent short-sighted stupidity of the folks running these programs. Few commentators seem willing to discuss the disconnect and outright lying of officials (including the President) regarding Snowden's disclosures.

Hopefully the Administration, at all levels, finally realises how incredibly stupid their actions/policy is and has been. (Like blanket surveillance, weakening crypto and building in backdoors, FFS!) Destroying privacy does NOT make a better world.

Reading the New York Times article one thing really stood out - They are co-opting american chipmakers to insert backdoors into the hardware. That really takes to a very bad place.

What's frustrating is that there is still zero outrage in the public apart from a few geeks. Yesterday Kyle posted an article on Ars about the interview with an Microsoft XBox exec. A few people in the comments posted about how the Kinect could be used by the NSA. As expect they got downvoted and made fun of.

Given what we now know about the extent and depth of NSA's reach and ambition, is it so inconceivable that NSA would leverage a resource like Kinect in tens of millions of homes around the world, particularly when the supplier is a (fucking government dick sucking whore) company like Microsoft?

There have to be backdoors to enable the technical access for authorities in pursuing crime. Police walk the beat in real life and scan with their eyes. They wiretap phones when they have a probable cause and a warrant. And by the same token, they have to do this on the Internet as well. No one has yet shown *concrete, specific, individual cases of abuses* like wrongful surveillance or arrest.

The problem: there is a well-defined and controlled procedure (legally speaking) for wiretapping phones, with oversight from a publicly elected/appointed judiciary. With standards for evidence and the admissibility of evidence in a public trial, and for the right for law enforcement to run a wiretap in the first place. Not so with the kind of surveillance this article describes.

Then there's the main thrust of the article, which is that having these back doors for them makes the entire encryption scheme less trustworthy, not only because of possible government interference but because of how exploitable a "master decryption key" is if put in other wrong hands (not convinced the .gov is the right hands.) Also, even if that key isn't found, the weaknesses introduced by having that kind of back door makes the crypto inherently and mathematically orders of magnitude weaker.

I would also point out that the laws requiring telecoms to be wiretap ready do not specify that the software I run on my computer be so. Additionally, if this kind of master key requirement were passed into law it would make any kind of open source crypto trivial to break since the vulnerability would be available for anyone to see, and we all know how well security through obscurity worked out for Yamamoto.

People have been raising these issues since at least 2005. At some point, you need to stop listening to what someone says, and start paying attention to what they do. This administrations' top priority is to put Edward Snowden in prison for life, not to subtly weigh out the proper balance between security and freedom. This administrations priority was to try to put Thomas Drake in prison for 30 years, not to tighten the bolts a little bit on a system that was slightly off kilter. Then there is the Kiriakou case, the Leibowitz case, the Kim case, Ali Soufan's book, the "No Easy Day" book, the Wikileaks Grand Jury in Cambridge, the harassment of Greenwald, Team Themis, and on and on and on. The "reality based community" is supposed to focus on evidence, not on the sophistry of the powerful.

"The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

Encryption does not give you immunity against warrants and searches . There is no legal nor logical basis to claim that law enforcement can not crack encryption, read you emails, open you mail, enter to your house to search for evidence against you , etc.

The NSA is not 'law enforcement'.

There's a reason why the words "police" and "secret" are relatively benign, but the phrase "secret police" is alarming. When you combine the powers of the police to arrest and imprison with the powers of a spy agency to operate in secret, to monitor anyone without a warrant, and to conduct operations without any transparency, you've created a secret police force.

We're not there yet.

Uhm.. the NSA monitors communications, feeds it into a database, and then the CIA uses this to send a drone to kill US citizens without trial and without due process, in clear violation of the spirit and the letter of the constitution. It has already happened, more than once. And reporters who talk about it are watching their colleagues get harassed and stopped from talking. We are there.

And if you say "but we are at war", then let me ask, if the war never ends, then why bother having a bill of rights at all? Let's just erase it from the constitution forever. Thats what dictatorships do- have never ending 'states of emergency' for decades on end. It's happened dozens of times, all over Africa, Asia, even Nazi Germany used the same philosophy of government. Because there is never going to be a surrender on the Missouri in some kind of ill defined War on Drugs, Terror, Human Trafficking, Child Pornography, Poverty, Invasive Fish Species, High Flow Toilets, and whatever else the federal government decides to pile on top of the Fourteen Trillion Dollar Debt.

"The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

Encryption does not give you immunity against warrants and searches . There is no legal nor logical basis to claim that law enforcement can not crack encryption, read you emails, open you mail, enter to your house to search for evidence against you , etc.

The NSA is not 'law enforcement'.

This is the fundamental issue. All countries have police forces. All countries have spies. The problem is when you blur the lines between the two.

Police officers have certain powers. They can monitor citizens, but they need a warrant. They can arrest citizens and put them in jail, but they have to follow the law.

Spies have other powers. Their mission is to break the laws of other countries. Stealing secrets, watching people, and finding out who is doing what is the fundamental mission of an intelligence agency. In the modern world, this extends to covert operations such as sabotage, disinformation, psychological warfare, and even assassination.

There's a reason why the words "police" and "secret" are relatively benign, but the phrase "secret police" is alarming. When you combine the powers of the police to arrest and imprison with the powers of a spy agency to operate in secret, to monitor anyone without a warrant, and to conduct operations without any transparency, you've created a secret police force.

We're not there yet.

The NSA is not the Stasi or the KGB. But the willingness of the NSA to monitor US citizens and secretly share information with law enforcement agencies (FBI, DEA, IRS, etc.) should be alarming to anyone who doesn't like being on a slippery slope towards the secret police.

That doesn't mean that NSA employees are bad people. Many of them join out of patriotism and a desire to serve and protect the country. I would expect that a lot of them reacted like the lead in Homeland when 9/11 happened, thinking "We failed. We should have been able to stop this. We need to do better so this doesn't happen again."

After 9/11, a lot of people criticized the lack of communication between the NSA, CIA, and FBI, saying that they should have been able to connect the dots. As a result, Congress removed most of the barriers preventing intelligence from working with law enforcement. It was understandable, but it put us on the slippery slope, and we've been sliding ever since.

Of course it's not just the NSA. The DEA's program working with AT&T to get 26 years of phone metadata including location data for cell phones, also without warrants, is the same crossing of the line: spy methodology being used for law enforcement purposes.

"The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

Encryption does not give you immunity against warrants and searches . There is no legal nor logical basis to claim that law enforcement can not crack encryption, read you emails, open you mail, enter to your house to search for evidence against you , etc.

The NSA is not 'law enforcement'.

This is the fundamental issue. All countries have police forces. All countries have spies. The problem is when you blur the lines between the two.

Police officers have certain powers. They can monitor citizens, but they need a warrant. They can arrest citizens and put them in jail, but they have to follow the law.

Spies have other powers. Their mission is to break the laws of other countries. Stealing secrets, watching people, and finding out who is doing what is the fundamental mission of an intelligence agency. In the modern world, this extends to covert operations such as sabotage, disinformation, psychological warfare, and even assassination.

There's a reason why the words "police" and "secret" are relatively benign, but the phrase "secret police" is alarming. When you combine the powers of the police to arrest and imprison with the powers of a spy agency to operate in secret, to monitor anyone without a warrant, and to conduct operations without any transparency, you've created a secret police force.

We're not there yet.

The NSA is not the Stasi or the KGB. But the willingness of the NSA to monitor US citizens and secretly share information with law enforcement agencies (FBI, DEA, IRS, etc.) should be alarming to anyone who doesn't like being on a slippery slope towards the secret police..

I'm sorry, but when the NSA provide their intel to the DEA and then the DEA LIES and FAKES UP A STORY for how they came across incriminating information, then the NSA is only a VERY VERY short step away from the Stasi. All they need to add now is imprisonment for disagreeing with the government and they are there. Between them and the CIA they have all the other powers, including torture of people they dislike enough.

"The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information."

Encryption does not give you immunity against warrants and searches . There is no legal nor logical basis to claim that law enforcement can not crack encryption, read you emails, open you mail, enter to your house to search for evidence against you , etc.

The NSA is not 'law enforcement'.

This is the fundamental issue. All countries have police forces. All countries have spies. The problem is when you blur the lines between the two.

Police officers have certain powers. They can monitor citizens, but they need a warrant. They can arrest citizens and put them in jail, but they have to follow the law.

Spies have other powers. Their mission is to break the laws of other countries. Stealing secrets, watching people, and finding out who is doing what is the fundamental mission of an intelligence agency. In the modern world, this extends to covert operations such as sabotage, disinformation, psychological warfare, and even assassination.

There's a reason why the words "police" and "secret" are relatively benign, but the phrase "secret police" is alarming. When you combine the powers of the police to arrest and imprison with the powers of a spy agency to operate in secret, to monitor anyone without a warrant, and to conduct operations without any transparency, you've created a secret police force.

We're not there yet.

The NSA is not the Stasi or the KGB. But the willingness of the NSA to monitor US citizens and secretly share information with law enforcement agencies (FBI, DEA, IRS, etc.) should be alarming to anyone who doesn't like being on a slippery slope towards the secret police..

I'm sorry, but when the NSA provide their intel to the DEA and then the DEA LIES and FAKES UP A STORY for how they came across incriminating information, then the NSA is only a VERY VERY short step away from the Stasi. All they need to add now is imprisonment for disagreeing with the government and they are there. Between them and the CIA they have all the other powers, including torture of people they dislike enough.

You realize I'm agreeing with you, right?

I'm saying were not quite at the stage where you have to worry about your children turning you in to the secret police to have you sent to the Gulag. But the fact that we have something close to a Gulag in Guantanamo is bad enough, and we need to put a stop to it.

The Athens affair should be compulsory reading for all US Senators. It was an exploit used against the people who put it there. It made the authors of Stuxnet look like amateurs. For a start, we still have no idea who done it.

According to the Greek Private Data Watchdog, that was tasked with investigating the scandal, the phones used to access the backdoor made calls to a location in Maryland close to the NSA headquarters, so we do know.

These cyber weapons indiscriminately target the innocent and the guilty alike, and they are currently undergoing an uncontrolled and dangerous arms race. Sounds familiar?

We need a global non-proliferation treaty on the use of cyber and surveillance weapons.

Would be lovely. Except there's one key difference between WMD and surveillance: the use of WMD is obvious because they destroy things (the D part of WMD); and development/ production of these weapons requires industrial infrastructure and testing (which is, to varying degrees, detectable). Surveillance is usually covert and non-destructive, and like the pharmaceuticals lab that can be rapidly switched over to producing small quantities of chemical/biological agents, surveillance activities can be made to look from the outside much like other commercial activities. So everybody who is already doing surveillance would probably sign the treaty and then continue as before, being just a little more careful not to get caught...

The solution is total transparency. The NSA can’t spy if there’s nothing to spy on, and it won’t work to shut them down, because every nation is doing it. We can have the best spies or no spies, but there can’t be no spying unless there are no secrets.

That (the requirement to compel production of encryption keys) is unsettled law. Where I live (within the jurisdiction of the 11th Circuit Court of Appeals), the Fifth Amendment does come to mind. In the rest of the United States, you should plan on going to jail for contempt if you don't give over. The Supremes will eventually decide.

No, you should not plan on going to jail if you don't giver over. The law in my locality specifically says that you cannot be forced to give testimony against yourself and the law includes being forced to give encryption passwords in that.

It is sad that a rural area has more sane laws on that subject than a more urban area just up the road.

I guess the Computer Fraud and Abuse act is like a convenient "to do" checklist for the NSA.

Actually that gives me an idea. Illegalize any attempts to circumvent NSA surveillance methods, as an attempt to undermine the security imposed upon the people by the government. Label it computer fraud or abuse, slap it under the aforementioned act, all probelms solved.

And this is why I never do transactions online. When the government drops the ball "again" and the methods to crack the various encryptions leak into criminal hands we will be in deep sh... It is disheartening to know that even I f I'm careful with my personal info and comunications some asshat on the NSA could be selling it to identity theft crooks for a quick buck on the side since it is near impossible to find out.

Still, the basic message was the same: 'Trust me—if you knew what I knew, you would support these programs too.'

That message is getting really old. Ok, so you can't talk about operations in progress for fear of compromising them. That's fine. How about showing us your track record of busts?

If the DEA started a secret internet wiretapping program and five years later they had made 416 arrests and stopped the shipment of 928 tons of drugs, you know they'd be shouting from the rooftops about it, and I believe the public would be much more ok with the program. What has the NSA done with all their spying?

The issue isn't necessarily that the NSA is spying on us, it's that they're apparently spying on us for no good reason.

Still, the basic message was the same: 'Trust me—if you knew what I knew, you would support these programs too.'

That message is getting really old. Ok, so you can't talk about operations in progress for fear of compromising them. That's fine. How about showing us your track record of busts?

If the DEA started a secret internet wiretapping program and five years later they had made 416 arrests and stopped the shipment of 928 tons of drugs, you know they'd be shouting from the rooftops about it, and I believe the public would be much more ok with the program. What has the NSA done with all their spying?

The issue isn't necessarily that the NSA is spying on us, it's that they're apparently spying on us for no good reason.

We know the DEA's track record. We know the government's track record. We are the world's most imprisoned state. We are already a police state. Martin Luther King Jr was spied on as a potential enemy of the state (while preaching nonviolence!), yet the first African-American President supports domestic spying, that's how bad it's gotten.

To de-militarize the US, first we need to end the prohibition on casual drug use. Stop wasting billions on room and board and weapons. Cut the military budget for real, not just make a show of it like the sequester. The military spending has to stop, this is a democracy and we can make it happen. Hell no to Syria, hell no to the NSA and hell no to outspending the entire world in weaponry. It's time to do something before it's too late.

'Trust me—if you knew what I knew, you would support these programs too.'

I'm supposed to trust the information you have from people who actively mislead, if not outright lie, as a matter of course? From people who omit any inconvenient truths if at all possible? From people who hear "This might not be legal," and respond, "How do we redefine words so that existing law would make it legal under our new definitions?"

NSA spying is not a only technical problem that needs to be solved. It is a political and legal one. In our houses and homes we don't have elaborate and extensive security measures. You just need a key to get in through your door. You don't need fingerprints, 2048-bit memorized passphrases and retina reading machinery to get into your living room.

The same standard should apply here. You should just have to need a key, and no matter how drunk you are at 3 am in the morning, you should be able to open your door. And if someone does defeat your simple security, the impulse of society and government should be to at least try to hunt whoever break in down and prosecute.

I can't help but find the NSA's way of referring to things more than a little creepy. "LOVEINT," "SIGINT," etc sound like someone read the Newspeak appendix from 1984 and thought it was the greatest idea ever.

If you are a CEO do you really want to be using Bitlocker to secure your hard drives when the NSA probably has forced MS to place a backdoor in there for them, or anybody else who can find it?

That is just one example, but it goes on and on and on. Can't just pick on MS here.

Is it safe to assume that TrueCrypt hasn't be compromised? Is that the only safe encryption left out there?

This applies to hardware encryption too! How about your Intel processor? Has it been compromised by the NSA forcing Intel to place a backdoor in hardware? And here we were worried about Huawei selling routers in the USA. Probably with good cause, all those in the know, know they are doing the same as we have been doing! Makes you wonder if anyone will want to buy a Cisco router now since they all may have been compromised by the NSA! Sorry Cisco, you are out of business. Microsoft, Yahoo, Google, Facebook, etc, all out of business too gratuity of the NSA. Who is going to trust anything they say or put out?

Reading the New York Times article one thing really stood out - They are co-opting american chipmakers to insert backdoors into the hardware. That really takes to a very bad place.

What's frustrating is that there is still zero outrage in the public apart from a few geeks. Yesterday Kyle posted an article on Ars about the interview with an Microsoft XBox exec. A few people in the comments posted about how the Kinect could be used by the NSA. As expect they got downvoted and made fun of.

Given what we now know about the extent and depth of NSA's reach and ambition, is it so inconceivable that NSA would leverage a resource like Kinect in tens of millions of homes around the world, particularly when the supplier is a (fucking government dick sucking whore) company like Microsoft?

Even if Kinect itself is not directly compromised, we know for sure that Microsoft's cloud services are compromised. The Xbox is, through Skype and XBL chat, already a conduit.

Obama is the master of doublespeak as the author acknowledges. He says what the people want to hear and a majority believe it as gospel. But then does the exact opposite. He often contradicts himself the very next sentence, or next day, or following week. Obama has a propaganda master as a speechwriter.

Obama's consistent theme is "you can have your cake and eat it too!" It doesn't matter if it is true or even possible. A majority take it as faith even as he takes something from you. Obama the con man!

I surprised we're not seeing a stronger lobby for more NSA oversight from our financial institutions. They should be shaking in their boots. If it ever comes to pass that we KNOW our encrypted transactions are as safe as plain text I predict massive panic and more money kept in mattresses.

The idea of back doors always scared me and I'm not feeling any better these days. Suppose some new apps and mail-privacy techniques come to market now. How can we trust them?

That's nice. So. Can you say with confidence whether they they can burrowing into my laptop or not?

As in to find the key to your password protected drive, that uses "256 bit encryption"?... easily. This is more inline with the methods used for breaking hashed passwords on websites which Dan Goodin has numerous articles on.

By "256 bit encryption" you mean AES?.. with a sufficiently long password of alpha-numerics, how do you "easily" break that??

I surprised we're not seeing a stronger lobby for more NSA oversight from our financial institutions. They should be shaking in their boots. If it ever comes to pass that we KNOW our encrypted transactions are as safe as plain text I predict massive panic and more money kept in mattresses.

The idea of back doors always scared me and I'm not feeling any better these days. Suppose some new apps and mail-privacy techniques come to market now. How can we trust them?

There is a difference between not trusting cryptography and not trusting your ISP... as for the latter - I'm sure the big financial institutions didn't trust them from the beginning.

Now... if the US gov't got close to passing laws against cryptography that the NSA couldn't snoop in... then you'd be hearing the uproar from industry. As it stands, any company can - with the proper measures - keep themselves immune from hackers and the NSA (same thing apparently).